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IN THE CLAIMS: 

Please write the claims to read as follows; 



1 \1 . (Amended) K method of obtaining proof of group membership in a computer 

2 system, comprising the steps of: 
A. presenting by a requester to an on-line server associated with a group a re- 
quest for a\certificate certifying that a particular entity is a member of the 
group; 

by the server whether the entity is a member of the group; and 
th)? S¥rv$r [a] at runtime a newlv-issued group membership cer- 
if the server determines that the entity is a member of 



B. determining 

C. issuing by 
tificate to the 
the group. 



1 2. (Amended) A mettrajrof obtaining proof of group non-membership in a computer 

2 system, comprising the steps of: 

3 A. presenting by a rqquester to an on-line server associated with a group a re- 

4 quest for a certificate certifying that a particular entity is not a member of the 

5 group; 

6 B. determining by the ierver whether the entity is not a member of the group; and 

7 C. issuing by the serven [a] at runtime a newlv-issued group non-membership 

8 certificate to the requester if the server determines that the entity is not a 

9 member of the group.\ 

1 3. (Amended) A method for determining entity membership in a group, wherein a 

2 server associated with the group peiforms the step of making a dynamic decision on 



3 
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3 memberehip in the group of a particular entity , and if the decision is that the entity is a 

4 member pf the group, issuing at runtime a newly-issued group membership certificate . 

1 4. (Original) The method of claim 3, wherein the dynamic decision-making step in- 

2 eludes obtaining by the server proof of entity membership in a second group. 

1 5. (Original) The method of claim 4, wherein the proof of entity membership com- 

2 prises a groun membershufcenificate. 



1 6. 



(Original) The/methoa of claim 4, wherein the proof of entity membership com- 



2 prises a group membership )ist. 



1 7. 



(Original) 



2 eludes obtaining b) 



e method of claim 3, wherein the dynamic decision-making step in- 
e server proof of entity non-membership in a second group. 



1 8. (Original) The niethod of olaim 7, wherein the proof of entity non-membership 

2 comprises a group noi>members|!iip certificate. 

1 9. (Original) The nieth^d of claim 7, wherein the proof of entity non-membership 

2 comprises a group membqjship list. 

1 10. (Original) The methoa of claim 3, wherein the server performs the step of making 

2 a dynamic decision upon a request from a requester, and wherein the requester performs 

3 the step of presenting to the servar proof of entity membership in a second group. 



! 11. (Original) The method of clart^ 10, wherein the proof of entity membership com- 
2 prises a group membership certificate. 
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12. (Original) The method of claim 10, wherein the proof of entity membership com- 
prises a gfoup membership list. 

13. (Original) The method of claim 3, wherein the server performs the step of making 
a dynamic aecision upon a request from a requester, and wherein the requester performs 
the step of piesenting to the server proof of entity non-membership in a second group. 

14. (Original) The method of claim 13, wherein the proof of entity non-membership 
comprises a gr<&up non-memjieisnip certificate. 



15. (Original^) The 
comprises a group mernbership 



nethod oyclaim 13, wherein the proof of entity non-membership 

St. 



16. (Amended) A com]put@^System wherein a/ group membership certificate is issued by 
an on-line certification authority upon request by a requestor, and a newly issued group 
membership certificate isassued at runtirn/ if the requestor is a member of the group . 



17. (Amended) A ^omputer systeffn wherein a group non-membership certificate is 
issued by an on-line certification ajnthority upon request by a requestor, and a newly is- 
sued group membership oprtificme is issued at runtime if the requestor is a member of the 
group . 

18. (Amended) A computer system wherein a server associated with a group makes a 
dynamic decision on membership in the group of a particular entity , and a newly issued 
group membership certificate isVssued at runtime if the entity is a member of the group . 



19. (Original) The system of c^im 18 wherein the server obtains proof of entity 
membership in a second group. 
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20. ((Original) The system of claim 19 wherein the proof of entity membership is a 
group membership certificate. 

21. (Original) The system of claim 19 wherein the proof of entity membership is a 
group membership list. 

22. (Original The system of claim 18 wherein the server obtains proof of entity non- 
membership in a second group. 



23. (Original) The system of^clai^ 22 wherein the proof of entity non-membership is 
a group non-membership certificate 



24. (Original) The sWem of claim 22 wherein the proof of entity non-membership is 
a group membership list.' 

25. (Original) The sysltem of claim 18 wherein the server makes the dynamic deci- 
sion on a request fi-om a reqiLsster, and wher^im the requester presents to the server proof 
of entity membership in a secohd-group. 

26. (Original) The system o^clairy25 wherein the proof of entity membership is a 
group membership certificate. 

27. (Original) The system of cla*pi 25 wherein the proof of entity membership is a 
group membership list. 



28. (Original) The system of claim le wherein the server makes the dynamic deci- 
sion on a request from a requester, and whWein the requester presents to the server proof 
of entity non-membership in a second group\ 
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1 29. (Original) The system of claim 28 wherein the proof of entity non-membership is 

2 a group nonj-membership certificate. 

1 30. (Original) The system of claim 28 wherein the proof of entity non-membership is 

2 a group membership list. 



1 31. (Amended) A method of operating an on-line server on a computer network, said 

2 server associated with a group and performing the steps of: 

3 A. receiving a reque^t^lroniy network device for proof of membership of a client 

4 in the group; 

5 B. making a dynamic decision on whether the client is a member of the group; 

6 and 

7 C. issuing to' th& netwof-k device at runtime , if the server decides that the client is 

8 a member of tne^oup, a n£wly4ssued group membership certificate proving 
that the client is^^^mber of the group. 

1 32. (Original) The methoo of claim 3 1 wherein the network device is the client, said 

2 client subsequently pr^sentinato a resourc^server a request for access to a resource on 

3 the resource server, saickrequesl includinfg the group membership certificate. 



1 33. (Original) The method of Maim 3 1 wherein the network device is a resource 

2 server receiving a request from^ cNent seeking access to a resource on the resource 

3 server, said resource seryj^^alidating the group membership certificate and authorizing 

4 client access to the resource. 



34. (Amended) A method of operating an on-line server on a computer network, said 

\ \ 

server associated with a group and performing the steps of: 

A. receiving a request from a network device for proof of membership of a cHent 
in the group; 
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\, making a dynamic decision on whether the client is a member of the group; 
.and 

C. issuing at runtime to the network device, if the server decides that the cHent is 
a member of the group, a newly issued group membership list proving that the 
client is a member of the group. 



1^ 



35. (Original)\The method of claim 34 wherein the network device is the client, said 
client subsequently presenting to a resource server a request for access to a resource on 
the resource server, ^aid request including the group membership list, 

(Original) The^method je^ cl^m 34 wherein the network device is a resource 



3 6 . (ungmai ) i ne ^metnoa j6iQ\m 
server receiving a request from a client seeking access to a resource on the resource 
server, said resource seryer 
access to the resource 



vaulting the group membership list and authorizing client 



>8. (Amended) A memerfl of operating an on Jine server on a computer network, said 
server associated with a group and performing tne steps of: 

A. receiving a VequestYrom a networy^device for proof of non-membership of a 
client in the group; 

B. making a dynarnic de^ision^efn whether the client is not a member of the 
group; and 

C. issuing at runtime -t6^the\ietwork device, if the server decides that the client is 
not a member of the grouA a newly-issued group non-membership certificate 
proving that the client is norya member of the group. 

jJ^T (Original) The method of claim JSwherein the network device is the client, said 
client subsequently presenting to a resourceWrver a request for access to a resource on 
the resource server, said request including thevgroup non-membership certificate. 
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1 A(l (Original) The method of claim J'^^herein the network device is a resource 

2 server receiving a request from a client seeking access to a resource on the resource 

3 server, said resource server validating the group non-membership certificate and author- 

4 izing client access to the resource. 

MO \ 

1 4T7 (Amended) A method of operating an on-line server on a computer netw^ork, said 

2 server associated with a group and performing the steps of: 

3 A. receiving a request from a network device for proof of non-membership of a 

4 client in the group;^ 

5 B. making a dynamic decisiem on whether the client is not a member of the 

6 group; and \/ / 

7 C. issuing at runtime to me network device, if the server decides that the client is 
7 / \ / 

^ ^ 8 not a member of the/group, a qewly issued group membership list proving that 
9 the client is not a member of the group^^ 

1 (Original) The method of claim 4f wherein the netwoBK device is the client, said 

2 client subsequently presenting toV resburce server a requestytor access to a resource on 

3 the resource server, said-request inicludmg the-group-memji^rship list. 

1 -46^ (Original) The method of claim 44rwherein the network device is a resource 

2 server receiving a request from a client seemng access to a resource on the resource 

3 server, said resource server validating the group tnembership list and authorizing client 

4 access to the resource. v 

4^ \ 

1 44^ (Amended) An on-line server on a computer network, said server associated with 

2 a group and comprised of: \ 

3 A. means for receiving a request from a network device for proof of membership 

4 of a client in the group; \ 
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\ 
\ 



B. means for making a dynamic decision on whether the client is a member of 
^he group; and 

C. means for issuing at runtime to the network device, if the server decides that 
theyclient is a member of the group, a newly issued group membership certifi- 
cate proving that the client is a member of the group. 

\ 

>5r (Original) The on-line server of claim^M^herein the network device is the client, 
said client subsequently presenting to a resource server a request for access to a resource 
on the resource server, said reqjjest including the group membership certificate. 

>ta (Original) The oiMine servpr of claim 44 wherein the network device is a resource 
server receiving a request from ayclient seeking access to a resource on the resource 
server, said resource ser/er Vali^pating the group membership certificate and authorizing 
client access to the resource. 

47r (Amended) An on-line ^rver on a cjfoiputer network, said server associated with 
a group and comprised of: 

A. means for receiving a re\jues/frGm a network device for proof of membership 
of a client in the group; 

B. means for making a dy^dmlp decision on whether the client is a member of 
the group; and 

C. means for issuing at runtime toVhe network device, if the server decides that 
the client is a member of the grom), a newly issued group membership list 
proving that the client is a membeXof the group. 

(Original) The on-line server of claim ,47\v^herein the network device is the cli- 
ent, said client subsequently presenting to a resource server a request for access to a re- 
source on the resource server, said request including me group membership list. 
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(Original) The on-line server of claim-4^wherein the network device is a re- 
source server receiving a request from a client seeking access to a resource on the re- 
soul'vce server, said resource server validating the group membership list and authorizing 
clientVccess to the resource. 

il ^ 

(/amended) An on-line server on a computer network, said server associated with 
a group ana\comprised of: 

A. mWis for receiving a request from a network device for proof of non-member- 
shimof a client in the group; 

B. meansyfor making a dynamic decision on whether the client is not a member 
of the g\pup; and 

C. means foryissuing at hintime to the network device, if the server decides that 
the client is^crt a member of the group, a newly-issued group non- 
membership certificate proving that the client is not a member of the group. 



(Original) The on-liij4«6fver of clmWjfTwherein the network device is the cli- 
ent, said client subsequently^esenting to a resource server a request for access to a re- 
source on the resource server,\a{d request jincluding the group non-membership certifi- 
cate. 

,52^ (Original) The on-line server\yi claim iO'wherein the network device is a re- 
source server receiving a request fema a\client seeking access to a resource on the re- 
source server, said resource server validaii^ig the group non-membership certificate and 
authorizing client access to the resource. 

(Amended) An on-line server on a comp^^er network, said server associated with 
a group and comprised of: 

A. means for receiving a request from a netw^s^rk device for proof of non- 
membership of a client in the group; 
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B. means for making a dynamic decision on whether the client is not a member 
of the groui; and 

C. means for issuing at runtime to the network device, if the server decides that 
the client is not a member of the group, a newly-issued group membership list 
proving the t the client is not a member of the group. 

(Original) The on-line server of claim ^ wherein the network device is the cli- 
ent, said client subsequebtly presenting to a resource server a request for access to a re- 
source on the resource server, said request including the group membership list. 

557 (Original) The on-line server of claim-53^wherein the network device is a re- 
source server receiving a reques^om a/client seeking access to a resource on the re- 
source server, said resource spver v^Hdating the group membership list and authorizing 
client access to the resourc 

S€r (Amended) A coA^ulfer data sigiJal embodied in a carrier wave and representing 
a sequence of instructions that, when executed by a processor in a network device associ- 
ated with a group, configures the net^rk device to operate as an on-line server that: 

A. receives a request fronyd second network device for proof of membership of a 
client in the grouf 

B. makes a dynamLg^^flecision on whether the client is a member of the group; and 

C. issues at runtime to the second network device, if the on-line server decides 
that thejetient is a member of the group, a newly issued group membership 
certificate proving tmat the client is a member of the group. 

(Original) The computervdata signal of claim 56Vherein the second network de- 
vice is the client, said client subsequently presenting to a resource server a request for 
access to a resource on the resource^ server, said request including the group membership 
certificate. 
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(Original) The comp^bter data signal of claim ^^^wherein the second network de- 
resource server receiving a request from a client seeking 



vice is a resource server, saic 



and authorizing client access 



5r 



access to a resource on the resource server, validating the group membership certificate, 



to the resource. 



(Amended) A computer data signal embodied in a carrier wave and representing 
a sequence of instructions thai, when executed by a processor in a network device associ- 



ated with a group, configures 



;he network device to operate as an on-line server that: 

cond network device for proof of membership of a 



)m a : 



A. receives a request 
client in the group; 

B. makes a dynamic dg^ision on whether the client is a member of the group; and 

C. issues at ruiuimg^ 4he"secondjietwork device, if the on-line server decides 
a ihember of the/group, a newly issued group membership list 
client is a member of the group. 



that the clifl 
proving that 



IS ; 



(Original) The compu 
vice is the elientjv^aid 



GO 

6^r 



(Original) The compui 



•^ata : 



siibseqi 



signal of claim 59^herein the second network de- 
uently- presenting to a resource server a request for 
access to a resource on the res|3urce server, said request including the group membership 
list. 



er data signal of claim ^^^^wherein the second network de- 
vice is a resource server, said resource server receiving a request from a client seeking 
access to a resource on the resource server, validating the group membership list, and 
authorizing client access to the i|esource. 

jfif^r (Amended) A computer aata signal embodied in a carrier wave and representing 
a sequence of instructions that, when executed by a processor in a network device associ- 
ated with a group, configures the nkwork device to operate as an on-line server that: 
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vice is the client, said client 
access to a resource on the 
membership certificate. 

44: (Original) The cc 



access to a resource on the 
cate, and authorizing client 



A. receives a reque st from a second network device for proof of non-membership 
of a client in th^ group; 

B. makes a dynamjc decision on whether the client is not a member of the group; 
and 

C. issues at runtim^ to the second network device, if the on-line server decides 
that the client is not a member of the group, a newly-issued group non- 
membership cerificate proving that the client is not a member of the group. 

(Original) The conlputer dat^^signal of claimj62^wherein the second network de- 



suh^quenw presenting to a resource server a request for 
resource server, said request including the group non- 



fer data signalbf claim ^^wherein the second network de- 
vice is a resource server, s£ id m^urce serve/receiving a request from a client seeking 



esource serve/; validating the group non-membership certifi- 
resource. 



j657 (Amended) A comptitef data signal embodied in a carrier wave and representing 
a sequence of instructi^ons^at, when executed by a processor in a network device associ- 
ated with a group, configureslthe network device to operate as an on-line server that: 

A. receives a request from a second network device for proof of non-membership 
of a client in the group; 

B. makes a dynamic dqpision on whether the client is not a member of the group; 
and 

C. issues at runtime to tlk second network device, if the on-line server decides 
that the client is not a member of the group, a newly issued group membership 
list proving that the client is not a member of the group. 
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4^ 



(Original) Th 
vice is the client, said 
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(.1 



computer data signal of claim ^5^herein the second network de- 
lequently presenting to a resource server a request for 
access to a resource o[i the re^urce server, said request including the group membership 
list. 




access to a resource or 



&T\ (Original) Thj ^mputer data signal of claim -65' wherein the second network de- 
vice is a resource serv ^r, said resource server receiving a request from a client seeking 



the resource server, validating the group membership list, and 



authorizing client access to the resource 
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